From cd80198fd51a7119db7528aceeb886e4ff0dd8a6 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@fedoraproject.org>
Date: Tue, 19 Oct 2004 11:08:03 +0000
Subject: [tw] - fixed groffer scripte security problem (#136314)

---
 groff-1.18.1.1-tempfile.patch | 28 ++++++++++++++++++++++++++++
 groff.spec                    |  7 ++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 groff-1.18.1.1-tempfile.patch

diff --git a/groff-1.18.1.1-tempfile.patch b/groff-1.18.1.1-tempfile.patch
new file mode 100644
index 0000000..0e73606
--- /dev/null
+++ b/groff-1.18.1.1-tempfile.patch
@@ -0,0 +1,28 @@
+--- groff-1.18.1.1/contrib/groffer/groffer.sh.tempfile	2004-06-15 03:44:50.000000000 +0200
++++ groff-1.18.1.1/contrib/groffer/groffer.sh	2004-10-19 13:04:35.704244526 +0200
+@@ -3228,18 +3228,13 @@
+   do
+     if is_not_empty "$d"; then
+       if obj d is_dir && obj d is_writable; then
+-        _TMP_DIR="${d}/${_PROGRAM_NAME}${_PROCESS_ID}";
+-        if obj _TMP_DIR is_dir; then
+-	  rm -f "${_TMP_DIR}"/*;
+-          break;
+-        else
+-          mkdir "${_TMP_DIR}";
+-          if obj _TMP_DIR is_not_dir; then
+-            _TMP_DIR='';
+-	    continue;
+-          fi;
+-          break;
+-  	fi;
++	  _TMP_DIR="`mktemp -d ${d}/${_PROGRAM_NAME}.XXXXXX`";
++	  if test $? = 0; then
++	      break;
++	  else
++	      _TMP_DIR='';
++	      continue;
++	  fi
+       fi;
+       if obj _TMP_DIR is_not_writable; then
+ 	_TMP_DIR='';
diff --git a/groff.spec b/groff.spec
index da96505..61b6016 100644
--- a/groff.spec
+++ b/groff.spec
@@ -3,7 +3,7 @@
 Summary: A document formatting system.
 Name: groff
 Version: 1.18.1.1
-Release: 2
+Release: 3
 License: GPL
 Group: Applications/Publishing
 Source0: ftp://ftp.gnu.org/gnu/groff/groff-%{version}.tar.gz
@@ -27,6 +27,7 @@ Patch16: groff-1.18.1-devutf8.patch
 Patch17: groff-1.18.1.1-revision.patch
 Patch18: groff-1.18.1.1-do_char.patch
 Patch19: groff-1.18.1.1-grn.patch
+Patch20: groff-1.18.1.1-tempfile.patch
 
 URL: ftp://ftp.gnu.org/gnu/groff/
 Requires: mktemp
@@ -91,6 +92,7 @@ System display.
 %patch17 -p1 -b .revision
 %patch18 -p1 -b .do_char
 %patch19 -p1 -b .grn
+%patch20 -p1 -b .tempfile
 
 %build
 PATH=$PATH:%{_prefix}/X11R6/bin
@@ -196,6 +198,9 @@ fi
 %endif
 
 %changelog
+* Tue Oct 19 2004 Thomas Woerner <twoerner@redhat.com> 1.18.1.1-3
+- fixed groffer scripte security problem (#136314)
+
 * Thu Sep 16 2004 Thomas Woerner <twoerner@redhat.com> 1.18.1.1-2
 - fixed DoCharacter calls in xditview (#110812)
 - fixed fclose called once too often (#132690): thanks to Ulrich Drepper for
-- 
cgit